-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  kernel DoS (SSA:2004-167-01)

New kernel packages are available for Slackware 8.1, 9.0, 9.1,
and -current to fix a denial of service security issue.  Without
a patch to asm-i386/i387.h, a local user can crash the machine.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0554

Here are the details from the Slackware 9.1 ChangeLog:
+--------------------------+
Tue Jun 15 02:11:41 PDT 2004
patches/packages/kernel-ide-2.4.26-i486-3.tgz:  Patched local DoS
  (CAN-2004-0554).  Without this patch to asm-i386/i387.h a local user
  can crash the kernel.
  (* Security fix *)
patches/packages/kernel-source-2.4.26-noarch-2.tgz:  Patched local DoS
  (CAN-2004-0554).  The new patch can be found here, too:
  patches/source/kernel-source/CAN-2004-0554.i387.fnclex.diff.gz
  (* Security fix *)
patches/kernels/*:  Patched local DoS (CAN-2004-0554).
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Updated packages for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/kernel-ide-2.4.18-i386-6.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/kernel-source-2.4.18-noarch-7.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/kernels/

Updated packages for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/kernel-ide-2.4.21-i486-4.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/kernel-source-2.4.21-noarch-4.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/kernels/

Updated packages for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/kernel-ide-2.4.26-i486-3.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/kernel-source-2.4.26-noarch-2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/kernels/

Updated packages for Slackware -current:

Just the patch for 2.4.x kernels:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/source/kernel-source/CAN-2004-0554.i387.fnclex.diff.gz
77d9eb0640f07df4167aaa53e0b42e2e  CAN-2004-0554.i387.fnclex.diff.gz

Just the patch for 2.6.x kernels:
e453d64187eac2216bebf85d72449fcb  CAN-2004-0554.i387.fnclex.diff.gz


MD5 signatures:
+-------------+

Slackware 8.1 packages:
8bbced2d1f09d033de89ae5957427a25  kernel-ide-2.4.18-i386-6.tgz
050aa2dd8d38f0ba3de2fca621eb13c9  kernel-source-2.4.18-noarch-7.tgz

Slackware 9.0 packages:
21dbafdcf32d84c22daddc349a719420  kernel-ide-2.4.21-i486-4.tgz
56ca0fbf5778283a1d9a76a278cb7cf5  kernel-source-2.4.21-noarch-4.tgz

Slackware 9.1 packages:
614b79763721126939569f235d4524d6  kernel-ide-2.4.26-i486-3.tgz
43681f735928641a2b5fc786604bca77  kernel-source-2.4.26-noarch-2.tgz

Slackware -current packages:
7a19720356937bcc0f360b8b158a1419  kernel-ide-2.4.26-i486-4.tgz
c0d2d8b2977d5c86d100fe02a8c2681b  kernel-headers-2.4.26-i386-3.tgz
8fbb66feb2d108baa6af6a895fc7f49a  kernel-source-2.4.26-noarch-4.tgz
91ccc5ff7a5be15afdee86a60c6b408d  kernel-generic-2.6.6-i486-5.tgz
bdcb17009e79bb375dad7fecdd7e60ae  kernel-headers-2.6.6-i386-3.tgz
ed7c1e42f537414db8cd4dda8e2e9077  kernel-source-2.6.6-noarch-3.tgz


Installation instructions:
+------------------------+

Use upgradepkg to install the new packages.
After installing the kernel-ide package you will need to run lilo ('lilo'
at a command prompt) or create a new system boot disk ('makebootdisk'), and
reboot.

If desired, a kernel from the kernels/ directory may be used instead.  For
example, to use the kernel in kernels/scsi.s/, you would copy it to the
boot directory like this:

cd kernels/scsi.s
cp bzImage /boot/vmlinuz-scsi.s-2.4.26

Create a symbolic link:
ln -sf /boot/vmlinuz-scsi.s-2.4.26 /boot/vmlinuz

Then, run 'lilo' or create a new system boot disk and reboot.


+-----+

Slackware: 2004-167-01: kernel DoS Security Update

June 15, 2004
New kernel packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a denial of service security issue

Summary

Here are the details from the Slackware 9.1 ChangeLog: Tue Jun 15 02:11:41 PDT 2004 patches/packages/kernel-ide-2.4.26-i486-3.tgz: Patched local DoS (CAN-2004-0554). Without this patch to asm-i386/i387.h a local user can crash the kernel. (* Security fix *) patches/packages/kernel-source-2.4.26-noarch-2.tgz: Patched local DoS (CAN-2004-0554). The new patch can be found here, too: patches/source/kernel-source/CAN-2004-0554.i387.fnclex.diff.gz (* Security fix *) patches/kernels/*: Patched local DoS (CAN-2004-0554). (* Security fix *)

Where Find New Packages

Updated packages for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/kernel-ide-2.4.18-i386-6.tgz ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/kernel-source-2.4.18-noarch-7.tgz ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/kernels/
Updated packages for Slackware 9.0: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/kernel-ide-2.4.21-i486-4.tgz ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/kernel-source-2.4.21-noarch-4.tgz ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/kernels/
Updated packages for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/kernel-ide-2.4.26-i486-3.tgz ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/kernel-source-2.4.26-noarch-2.tgz ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/kernels/
Updated packages for Slackware -current:
Just the patch for 2.4.x kernels: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/source/kernel-source/CAN-2004-0554.i387.fnclex.diff.gz 77d9eb0640f07df4167aaa53e0b42e2e CAN-2004-0554.i387.fnclex.diff.gz
Just the patch for 2.6.x kernels: e453d64187eac2216bebf85d72449fcb CAN-2004-0554.i387.fnclex.diff.gz

MD5 Signatures

Slackware 8.1 packages: 8bbced2d1f09d033de89ae5957427a25 kernel-ide-2.4.18-i386-6.tgz 050aa2dd8d38f0ba3de2fca621eb13c9 kernel-source-2.4.18-noarch-7.tgz
Slackware 9.0 packages: 21dbafdcf32d84c22daddc349a719420 kernel-ide-2.4.21-i486-4.tgz 56ca0fbf5778283a1d9a76a278cb7cf5 kernel-source-2.4.21-noarch-4.tgz
Slackware 9.1 packages: 614b79763721126939569f235d4524d6 kernel-ide-2.4.26-i486-3.tgz 43681f735928641a2b5fc786604bca77 kernel-source-2.4.26-noarch-2.tgz
Slackware -current packages: 7a19720356937bcc0f360b8b158a1419 kernel-ide-2.4.26-i486-4.tgz c0d2d8b2977d5c86d100fe02a8c2681b kernel-headers-2.4.26-i386-3.tgz 8fbb66feb2d108baa6af6a895fc7f49a kernel-source-2.4.26-noarch-4.tgz 91ccc5ff7a5be15afdee86a60c6b408d kernel-generic-2.6.6-i486-5.tgz bdcb17009e79bb375dad7fecdd7e60ae kernel-headers-2.6.6-i386-3.tgz ed7c1e42f537414db8cd4dda8e2e9077 kernel-source-2.6.6-noarch-3.tgz

Severity
[slackware-security] kernel DoS (SSA:2004-167-01)
New kernel packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a denial of service security issue. Without a patch to asm-i386/i387.h, a local user can crash the machine.
More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0554

Installation Instructions

Installation instructions: Use upgradepkg to install the new packages. After installing the kernel-ide package you will need to run lilo ('lilo' at a command prompt) or create a new system boot disk ('makebootdisk'), and reboot. If desired, a kernel from the kernels/ directory may be used instead. For example, to use the kernel in kernels/scsi.s/, you would copy it to the boot directory like this: cd kernels/scsi.s cp bzImage /boot/vmlinuz-scsi.s-2.4.26 Create a symbolic link: ln -sf /boot/vmlinuz-scsi.s-2.4.26 /boot/vmlinuz Then, run 'lilo' or create a new system boot disk and reboot.

Related News

11.Locks IsometricPattern Esm H320
2 - 3 min read
The Kinsing hacker group, or H2Miner, has been orchestrating illicit cryptocurrency mining campaigns since 2019 and poses a persistent security
32.Lock Code Circular Esm H320
2 - 3 min read
The Kimsuky APT group, reportedly linked to North Korea's Reconnaissance General Bureau (RGB), has been identified deploying a Linux version of its
4.Lock AbstractDigital Esm H320
2 - 3 min read
Recent research sheds light on the security vulnerabilities prevalent in Linux vendor kernels due to flawed engineering processes that backport
28.Lock Globe Esm H320
1 - 2 min read
The intersection of Linux and quantum computing has become increasingly apparent, emphasizing the importance of Linux-based operating systems in
6.EmailConnection Touch Esm H320
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
30.Lock Globe Motherboard Esm H320
1 - 2 min read
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect
22.Lock ScreenEffect Esm H320
1 - 2 min read
EndeavorOS Gemini is a captivating and charming desktop operating system based on Arch Linux. The new release includes a kernel upgrade, 3D graphics
25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved